BitHawk - An example of finding Adware/Malware on an Android phone

NSK’s new product, BitHawk, is a cyber defense application that picks up where your antivirus solutions leave off. It provides our customers with powerful, efficient protection and system clean-up capabilities.

Below is an example of how it found an app on one of our clients’ phones that was connected to Chinese adware/spyware servers and collecting data from the person’s phone.

There are quite a few apps like this that communicate with adware/spyware servers and collect the user’s data in the background. Most of the time this goes completely unnoticed because it all operates behind the scenes, especially on Android phones. Google is less restrictive about which applications (apps) get published in its Android App Store than Apple is with its App Store for iPhones.

The BitHawk alert is pretty cool: it tells us that someone had a ‘flashlight’ app on their phone. Third-party flashlight apps downloaded through the App Store typically contain spyware. Flashlight apps that came preinstalled with your phone are typically safe. This one was connecting to a server in China, collecting personal information off the user’s phone, and sending it back to that server.

It is not as high an alert as ransomware, but it is great to see that with BitHawk we were able to detect the traffic from these ad servers, trace the source back to a cell phone within an organization that was using the product, and finally know exactly which application on the Android phone was doing it. That allowed us to remediate the issue and keep prying eyes off the employees' personal information.

Below is the alert that one of our Help Desk Engineers received from the BitHawk Application that we use.